Unknown · Bitcoin Core · CVE-2021-3195
Name of the Vulnerable Software and Affected Versions:
Bitcoin Core versions through 0.21.0
Description:
The issue allows bitcoind to create a new file in an arbitrary directory, such as outside the ~/.bitcoin directory, via a "dumpwallet" RPC call. This reportedly does not violate the security model of Bitcoin Core but can violate the security model of a fork that has implemented dumpwallet restrictions.
Recommendations:
For versions through 0.21.0, as a temporary workaround, consider restricting the use of the "dumpwallet" RPC call until a more permanent solution is available. Restrict the bitcoind process's write access to directories it does not need, to minimize the risk of exploitation.
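One way to apply the workaround, as an added example that is not Bitcoin Core code: a filter that a JSON-RPC proxy placed in front of bitcoind could run to forward "dumpwallet" only when its filename resolves inside a single export directory. The proxy itself, its running on the same host as bitcoind, and the `ALLOWED_DIR` path are assumptions made for illustration.

```python
import json
import os

# Hypothetical export directory; the only place dumps may be written.
ALLOWED_DIR = "/var/lib/bitcoind/exports"

def dump_target(call):
    """Return the filename of a dumpwallet call, or None for other methods."""
    if not isinstance(call, dict) or call.get("method") != "dumpwallet":
        return None
    params = call.get("params", [])
    if isinstance(params, dict):                  # named argument
        return params.get("filename", "")
    if isinstance(params, list) and params:       # positional argument
        return params[0]
    return ""                                     # missing filename: denied below

def inside(path, base):
    """True if path resolves (after '..' and symlinks) to a file under base."""
    # Relative names are rejected: bitcoind resolves them against its own
    # working directory, which this filter cannot see.
    if not isinstance(path, str) or not os.path.isabs(path):
        return False
    base = os.path.realpath(base)
    target = os.path.realpath(path)
    # commonpath compares whole components, so "exports-old" is not "exports".
    return target != base and os.path.commonpath([base, target]) == base

def request_allowed(body, allowed_dir=ALLOWED_DIR):
    """Decide whether a raw JSON-RPC body (single call or batch) is forwarded."""
    try:
        doc = json.loads(body)
    except ValueError:
        return False                              # fail closed on bad input
    calls = doc if isinstance(doc, list) else [doc]
    for call in calls:
        target = dump_target(call)
        if target is not None and not inside(target, allowed_dir):
            return False
    return True

# Constructed sample requests.
if __name__ == "__main__":
    ok = '{"method": "dumpwallet", "params": ["/var/lib/bitcoind/exports/w.txt"]}'
    bad = '{"method": "dumpwallet", "params": ["/var/lib/bitcoind/exports/../w.txt"]}'
    print(request_allowed(ok), request_allowed(bad))
```

The filter fails closed: unparseable bodies, relative filenames, and any batch containing one out-of-directory "dumpwallet" call are all refused.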